Responsible Disclosure
Report a security
vulnerability
Found a security issue? We appreciate responsible disclosure. Please email us with details so we can address it quickly.
SOC 2 Type IIGDPRCCPATLS 1.3AES-256
What to include
- →Description of the vulnerability
- →Steps to reproduce the issue
- →Potential impact assessment
- →Affected component or system
- →Proposed fixes (optional)
Our commitment
24h
Acknowledgment
We confirm receipt of your report within 24 hours.
7d
Initial assessment
We provide an initial assessment and expected timeline within 7 days.
90d
Resolution
We target resolving critical issues within 90 days of confirmation.
Scope
In scope
- ✓Production systems and APIs
- ✓FunctionFly dashboard and website
- ✓Authentication and authorization flaws
- ✓Data exposure or integrity issues
- ✓Cryptographic vulnerabilities
- ✓Server-side request forgery (SSRF)
- ✓Injection attacks (SQL, XSS, etc.)
Out of scope
- ✗Social engineering attacks
- ✗Physical security testing
- ✗Denial of service attacks
- ✗Attacks on third-party services
- ✗UI/UX issues without security impact
- ✗Feature requests
- ✗Third-party library vulnerabilities
Recognition
We credit researchers who responsibly disclose security vulnerabilities in our Hall of Fame. With your permission, we will list your name or alias alongside the resolved vulnerability.
For significant discoveries, we may offer bug bounty rewards. Our security team will discuss this on a case-by-case basis.
Other security contacts
Ready to report?
Email us at security@functionfly.com with your findings.